California is known for being on the cutting edge of most things, and consumer privacy is one of them. Scheduled to take effect in 2020, the California Consumer Privacy Act gives consumers broader control over how their personal information is used. This was developed in part due to ongoing security breaches that have recently escalated. The new privacy laws in California include disclosures to consumers about how their personal information is collected, stored, transmitted, and shared. The new laws also outline the sharing and selling of certain information without the individuals’ knowledge or consent.
What Does the Law Cover?
There are several aspects that fall under the category of one’s personal information. Many people would immediately realize that their name, address, and phone number would be among those items. They would also think of their social security number, driver’s license, and/or state identification number.
With a bit more consideration, they might realize personal information includes commercial information like records of their personal property. It covers biometric information, which includes fingerprints retinal scans, and DNA. Under the new law, it also covers things like your Internet use and browsing activity history.
Protected aspects even include more obscure personal information like the sound of your voice and thermal information. How this is to be implemented, and even what one’s thermal information specifically is, will be defined by the Attorney General.
What Rights Are Provided to Individuals?
- The right to transparency of who is collecting their personal information and with whom they are sharing it.
- The right to demand the information.
- The right to have the information deleted.
In many cases, if a company fails to comply, the consumer has the right to bring a lawsuit. This is something that was not available to consumers before.
How Will This Affect Businesses?
When first conceived, there were many industry concerns as to how this would affect their ability to actually conduct their businesses. These were primarily raised by smaller companies. To relieve their anxieties, and reduce their disapproval, several modifications were installed. These ensure that larger California businesses receive the brunt of the impact.
There were three “thresholds” that are included. If any one of these three are met, the law applies and the company has to comply to data collection regulations:
- The company has an annual gross income that is over $25 million.
- The company annually buys or receives (for business purposes) the information of 50,000 or more consumers, whether personally or from their household devices, i.e., online use.
- The company receives more than 50-percent of their annual revenue from selling personal information.
If any one of those thresholds is met, even by small companies, the business is subject to the law. Additionally, it impacts companies that are not actually based in California, but meet one of those thresholds while doing business in the state.
There is speculation that, since California often leads the way in policy changes, perhaps other states will begin to implement their own progressive privacy laws. Although it is unlikely to occur right away, an increasing number of areas may begin to see its merits for consumers. They will also note the minimal, if any, impact it has on most companies.
The new law will clarify, expand, and enhance these regulations. Perhaps, in time, these safeguards will be in place throughout the United States. Until then, it’s important for all individuals to do their best to protect their private information from cyber criminals.